add moar fail2ban rules
This commit is contained in:
parent
49b5665f77
commit
3dc427c467
1 changed files with 16 additions and 2 deletions
|
@ -19,19 +19,33 @@ with lib;
|
|||
# --------------------
|
||||
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
|
||||
(mkIf config.components.network.fail2ban.enable {
|
||||
services.fail2ban.jails.nginx-git-ingolf-wagner-de.settings = {
|
||||
services.fail2ban.jails.nginx-git-not-found.settings = {
|
||||
port = "http,https";
|
||||
logpath = "%(nginx_error_log)s";
|
||||
};
|
||||
environment.etc = {
|
||||
# Defines a filter that detects URL probing by reading the Nginx access log
|
||||
"fail2ban/filter.d/nginx-git-ingolf-wagner-de.local".text = ''
|
||||
"fail2ban/filter.d/nginx-git-not-found.local".text = ''
|
||||
[Definition]
|
||||
failregex = src_addr="<HOST>".*response_statu="404".*host="git\.ingolf-wagner\.de"
|
||||
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
|
||||
'';
|
||||
};
|
||||
})
|
||||
(mkIf config.components.network.fail2ban.enable {
|
||||
services.fail2ban.jails.nginx-git-bad-request.settings = {
|
||||
port = "http,https";
|
||||
logpath = "%(nginx_error_log)s";
|
||||
};
|
||||
environment.etc = {
|
||||
# Defines a filter that detects URL probing by reading the Nginx access log
|
||||
"fail2ban/filter.d/nginx-git-bad-request.local".text = ''
|
||||
[Definition]
|
||||
failregex = src_addr="<HOST>".*response_statu="400".*host="git\.ingolf-wagner\.de"
|
||||
journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
|
||||
'';
|
||||
};
|
||||
})
|
||||
|
||||
];
|
||||
|
||||
|
|
Loading…
Reference in a new issue